Every year in the ballrooms at Caesar’s Palace hotel in Las Vegas, thousands of security experts gather to discuss information security and expose vulnerabilities at the Black Hat conference. It’s going on right now through Aug. 1.
The first Black Hat conference took place in 1997. Since then, it has grown from one annual conference in Las Vegas to a global conference series with events in Abu Dhabi, Barcelona, and Washington DC.
Over the years, hackers have exposed how the electronic locks on your hotel room may not be safe, improved ways to detect online government censorship, and even accessed ATMs.
But big companies aren’t always totally supportive of Black Hat’s mission. In the past, some companies have tried to prevent researchers from exposing flaws in their products.
In 2005, Cisco tried to stop researcher Michael Lynn from talking about a vulnerability that he claimed could let hackers shut down the Internet. Cisco was able to pull all the pages documenting the flaw from the binders of the 2,000 conference attendees. But the tech giant ultimately couldn’t get the talk canceled.
Other briefings have warned attendees to prepare for a cyber war, and demonstrated how you can spy on your neighbour with a drone.
In addition to the standard talks and training sessions, pranks run pretty rampant at Black Hat. In the past, attendees have hacked Las Vegas hotel TV billing systems and Wi-Fi networks to play tricks on other attendees.
Sometimes there’s even a “Wall of Sheep” that displays the names and partial passwords that hackers have obtained from unsecured computers. It’s meant to shame people who don’t connect to the Internet using secure methods.
In 2009, attendees were passing around a USB thumb drive that actually contained the Conficker virus. It was a piece of malware that tricked you into purchasing fake antivirus software so it could steal your credit card information.
Reporters are also apparently easy prey for pranksters at Black Hat. In 2008, three reporters allegedly hacked the computers of other reporters covering the conference. A Black Hat spokesperson said that they collected log-in data for reporters from the press room. They supposedly wanted the people behind the Wall of Sheep to display their information, but the group refused.
Hackers party hard
Hackers also party really hard at Black Hat. But that’s not too surprising given the event’s location in Las Vegas.
“In the last 12 months, companies as diverse as Symantec, the security juggernaut, and LinkedIn, the social network, got hacked. And yet, you wouldn’t know it by the scantily clad dancers and elaborate alcohol ice luges at Black Hat parties. At one party at Pure, the nightclub in Caesar’s Palace, hackers and “security suits” mingled and posed for photos with dancers dressed in little more than a thin layer of mud. At another party at the Cosmopolitan’s Marquee nightclub, hackers, security researchers and executives drank from a giant ice luge emblazoned with the word “Microsoft.” One attendee bemoaned the self-congratulatory atmosphere: “It’s pathetic that we’re celebrating an industry that is completely ineffective.” Said another: “What are we supposed to do? Come to Vegas and sit alone, sober and depressed, in our hotel rooms?””
Black Hat is taking place right now in Las Vegas until August 1st. If you’re attending, you may want to take a look at the seven unwritten rules, courtesy of Black Hat attendee Mike Yaffe.
- Wireless: Stay away from all Wi-Fi and turn off your Bluetooth; hacks are happening.
- Encryption: Try to encrypt any information you must send. Use a VPN; people are watching.
- Don’t put it down: Any device left alone is an invitation not just for theft but infection, etc.
- Don’t accept gifts: Someone friendly handing you a USB drive may be hoping to own your info.
- Anything can be hacked: ATMs, room keys, RFID cards, anything, so, be vigilant at all times.
- Try to fit in: If you’re just another person wearing jeans and a T-shirt, well, that helps w/above.
- Don’t be a sheep: The Black Hat “Wall of Sheep” lists all those who get hacked; yes, publicly! (see bullet #1)